java_cert: add cert_content argument (#8153)
* add cert_content arg (#8034) * add changelog fragment (#8034) * Update plugins/modules/java_cert.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
parent
a05a5982a6
commit
8f98ba9119
2 changed files with 33 additions and 6 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- java_cert - add ``cert_content`` argument (https://github.com/ansible-collections/community.general/pull/8153).
|
|
@ -28,7 +28,7 @@ options:
|
||||||
cert_url:
|
cert_url:
|
||||||
description:
|
description:
|
||||||
- Basic URL to fetch SSL certificate from.
|
- Basic URL to fetch SSL certificate from.
|
||||||
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
|
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||||
type: str
|
type: str
|
||||||
cert_port:
|
cert_port:
|
||||||
description:
|
description:
|
||||||
|
@ -39,8 +39,14 @@ options:
|
||||||
cert_path:
|
cert_path:
|
||||||
description:
|
description:
|
||||||
- Local path to load certificate from.
|
- Local path to load certificate from.
|
||||||
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
|
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||||
type: path
|
type: path
|
||||||
|
cert_content:
|
||||||
|
description:
|
||||||
|
- Content of the certificate used to create the keystore.
|
||||||
|
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||||
|
type: str
|
||||||
|
version_added: 8.6.0
|
||||||
cert_alias:
|
cert_alias:
|
||||||
description:
|
description:
|
||||||
- Imported certificate alias.
|
- Imported certificate alias.
|
||||||
|
@ -55,10 +61,10 @@ options:
|
||||||
pkcs12_path:
|
pkcs12_path:
|
||||||
description:
|
description:
|
||||||
- Local path to load PKCS12 keystore from.
|
- Local path to load PKCS12 keystore from.
|
||||||
- Unlike O(cert_url) and O(cert_path), the PKCS12 keystore embeds the private key matching
|
- Unlike O(cert_url), O(cert_path) and O(cert_content), the PKCS12 keystore embeds the private key matching
|
||||||
the certificate, and is used to import both the certificate and its private key into the
|
the certificate, and is used to import both the certificate and its private key into the
|
||||||
java keystore.
|
java keystore.
|
||||||
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
|
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||||
type: path
|
type: path
|
||||||
pkcs12_password:
|
pkcs12_password:
|
||||||
description:
|
description:
|
||||||
|
@ -149,6 +155,19 @@ EXAMPLES = r'''
|
||||||
cert_alias: LE_RootCA
|
cert_alias: LE_RootCA
|
||||||
trust_cacert: true
|
trust_cacert: true
|
||||||
|
|
||||||
|
- name: Import trusted CA from the SSL certificate stored in the cert_content variable
|
||||||
|
community.general.java_cert:
|
||||||
|
cert_content: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
...
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
keystore_path: /tmp/cacerts
|
||||||
|
keystore_pass: changeit
|
||||||
|
keystore_create: true
|
||||||
|
state: present
|
||||||
|
cert_alias: LE_RootCA
|
||||||
|
trust_cacert: true
|
||||||
|
|
||||||
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
|
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
|
||||||
community.general.java_cert:
|
community.general.java_cert:
|
||||||
cert_url: google.com
|
cert_url: google.com
|
||||||
|
@ -487,6 +506,7 @@ def main():
|
||||||
argument_spec = dict(
|
argument_spec = dict(
|
||||||
cert_url=dict(type='str'),
|
cert_url=dict(type='str'),
|
||||||
cert_path=dict(type='path'),
|
cert_path=dict(type='path'),
|
||||||
|
cert_content=dict(type='str'),
|
||||||
pkcs12_path=dict(type='path'),
|
pkcs12_path=dict(type='path'),
|
||||||
pkcs12_password=dict(type='str', no_log=True),
|
pkcs12_password=dict(type='str', no_log=True),
|
||||||
pkcs12_alias=dict(type='str'),
|
pkcs12_alias=dict(type='str'),
|
||||||
|
@ -503,11 +523,11 @@ def main():
|
||||||
|
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=argument_spec,
|
argument_spec=argument_spec,
|
||||||
required_if=[['state', 'present', ('cert_path', 'cert_url', 'pkcs12_path'), True],
|
required_if=[['state', 'present', ('cert_path', 'cert_url', 'cert_content', 'pkcs12_path'), True],
|
||||||
['state', 'absent', ('cert_url', 'cert_alias'), True]],
|
['state', 'absent', ('cert_url', 'cert_alias'), True]],
|
||||||
required_together=[['keystore_path', 'keystore_pass']],
|
required_together=[['keystore_path', 'keystore_pass']],
|
||||||
mutually_exclusive=[
|
mutually_exclusive=[
|
||||||
['cert_url', 'cert_path', 'pkcs12_path']
|
['cert_url', 'cert_path', 'cert_content', 'pkcs12_path']
|
||||||
],
|
],
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
|
||||||
add_file_common_args=True,
|
add_file_common_args=True,
|
||||||
|
@ -515,6 +535,7 @@ def main():
|
||||||
|
|
||||||
url = module.params.get('cert_url')
|
url = module.params.get('cert_url')
|
||||||
path = module.params.get('cert_path')
|
path = module.params.get('cert_path')
|
||||||
|
content = module.params.get('cert_content')
|
||||||
port = module.params.get('cert_port')
|
port = module.params.get('cert_port')
|
||||||
|
|
||||||
pkcs12_path = module.params.get('pkcs12_path')
|
pkcs12_path = module.params.get('pkcs12_path')
|
||||||
|
@ -582,6 +603,10 @@ def main():
|
||||||
# certificate to stdout so we don't need to do any transformations.
|
# certificate to stdout so we don't need to do any transformations.
|
||||||
new_certificate = path
|
new_certificate = path
|
||||||
|
|
||||||
|
elif content:
|
||||||
|
with open(new_certificate, "w") as f:
|
||||||
|
f.write(content)
|
||||||
|
|
||||||
elif url:
|
elif url:
|
||||||
# Getting the X509 digest from a URL is the same as from a path, we just have
|
# Getting the X509 digest from a URL is the same as from a path, we just have
|
||||||
# to download the cert first
|
# to download the cert first
|
||||||
|
|
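Review bot: In the last hunk of `main()`, `elif content:` skips the new branch when `cert_content` is an empty string, for example a variable that templated to nothing. Since `required_if` normally only looks for parameters that are unset, the task would then likely fall through to `elif url:` with no certificate source instead of failing clearly. Testing `elif content is not None:` and rejecting blank input inside the branch with `module.fail_json(msg="cert_content must not be empty")` would stop a bad value from being silently ignored while a trust store is being populated. `main()` starts and ends outside the visible hunks and the binding of `new_certificate` for this branch is not shown, so please confirm that `open(new_certificate, "w")` always targets a file the module created itself and cleans up, never a caller-supplied path. A comment above the write such as `# cert_content goes into the module's own temporary file so keytool can read it like cert_path` would record that assumption.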